s->ext.ocsp.resp = NULL;
s->ext.ocsp.resp_len = 0;
SSL_CTX_up_ref(ctx);
- s->initial_ctx = ctx;
+ s->session_ctx = ctx;
#ifndef OPENSSL_NO_EC
if (ctx->ext.ecpointformats) {
s->ext.ecpointformats =
/* Free up if allocated */
OPENSSL_free(s->ext.hostname);
- SSL_CTX_free(s->initial_ctx);
+ SSL_CTX_free(s->session_ctx);
#ifndef OPENSSL_NO_EC
OPENSSL_free(s->ext.ecpointformats);
OPENSSL_free(s->ext.supportedgroups);
int SSL_renegotiate(SSL *s)
{
+ /*
+ * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
+ * instead when we support that?
+ */
+ if (SSL_IS_TLS13(s))
+ return 0;
+
if (s->renegotiate == 0)
s->renegotiate = 1;
int SSL_renegotiate_abbreviated(SSL *s)
{
+ /*
+ * TODO(TLS1.3): Return an error for now. Perhaps we should do a KeyUpdate
+ * instead when we support that?
+ */
+ if (SSL_IS_TLS13(s))
+ return 0;
+
if (s->renegotiate == 0)
s->renegotiate = 1;
{
int idx;
- /*
- * TODO(TLS1.3): In TLS1.3 the selected certificate is not based on the
- * ciphersuite. For now though it still is. Our only TLS1.3 ciphersuite
- * forces the use of an RSA cert. This will need to change.
- */
+ if (SSL_IS_TLS13(s)) {
+ if (s->s3->tmp.sigalg == NULL) {
+ SSLerr(SSL_F_SSL_GET_SERVER_CERT_INDEX, ERR_R_INTERNAL_ERROR);
+ return -1;
+ }
+ return s->s3->tmp.cert_idx;
+ }
+
idx = ssl_cipher_get_cert_index(s->s3->tmp.new_cipher);
if (idx == SSL_PKEY_RSA_ENC && !s->cert->pkeys[SSL_PKEY_RSA_ENC].x509)
idx = SSL_PKEY_RSA_SIGN;
return -1;
}
- s->method->ssl_renegotiate_check(s);
+ s->method->ssl_renegotiate_check(s, 0);
if (SSL_in_init(s) || SSL_in_before(s)) {
if ((s->mode & SSL_MODE_ASYNC) && ASYNC_get_current_job() == NULL) {
if (ssl->ctx == ctx)
return ssl->ctx;
if (ctx == NULL)
- ctx = ssl->initial_ctx;
+ ctx = ssl->session_ctx;
new_cert = ssl_cert_dup(ctx->cert);
if (new_cert == NULL) {
return NULL;
return 0;
}
+ /* We only want the first 8 bytes of the encrypted premaster as a tag. */
return nss_keylog_int("RSA",
ssl,
encrypted_premaster,
- encrypted_premaster_len,
+ 8,
premaster,
premaster_len);
}
-int ssl_log_master_secret(SSL *ssl,
- const uint8_t *client_random,
- size_t client_random_len,
- const uint8_t *master,
- size_t master_len)
+int ssl_log_secret(SSL *ssl,
+ const char *label,
+ const uint8_t *secret,
+ size_t secret_len)
{
- /*
- * TLSv1.3 changes the derivation of the master secret compared to earlier
- * TLS versions, meaning that logging it out is less useful. Instead we
- * want to log out other secrets: specifically, the handshake and
- * application traffic secrets. For this reason, if this function is called
- * for TLSv1.3 we don't bother logging, and just return success
- * immediately.
- */
- if (SSL_IS_TLS13(ssl)) return 1;
-
- if (client_random_len != 32) {
- SSLerr(SSL_F_SSL_LOG_MASTER_SECRET, ERR_R_INTERNAL_ERROR);
- return 0;
- }
-
- return nss_keylog_int("CLIENT_RANDOM",
+ return nss_keylog_int(label,
ssl,
- client_random,
- client_random_len,
- master,
- master_len);
+ ssl->s3->client_random,
+ SSL3_RANDOM_SIZE,
+ secret,
+ secret_len);
}